Reflected cross-site scripting (XSS) In league/commonmark
Description
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS) Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 packagist | 0.18.1 |
Aliases
1. 2. 3. 4.
References
1. 2. 3. 4.